diff options
Diffstat (limited to 'modules/pam_localuser/README')
-rw-r--r-- | modules/pam_localuser/README | 55 |
1 files changed, 38 insertions, 17 deletions
diff --git a/modules/pam_localuser/README b/modules/pam_localuser/README index b8cdf524..50663ead 100644 --- a/modules/pam_localuser/README +++ b/modules/pam_localuser/README @@ -1,17 +1,38 @@ -pam_localuser: - Succeeds iff the PAM_USER is listed in /etc/passwd. This seems to be a - common policy need (allowing only a subset of network-wide users, and - any locally-defined users, to access services). Simpler than using - awk to generate a file for use with pam_listfile (-F: '{print $1}'), - I guess. - -RECOGNIZED ARGUMENTS: - debug write debugging messages to syslog - file=FILE scan FILE instead of /etc/passwd - -MODULE SERVICES PROVIDED: - auth,account scan the FILE (/etc/passwd by default) and return - a success code if an entry is found for the user - -AUTHOR: - Nalin Dahyabhai <nalin@redhat.com> +pam_localuser — require users to be listed in /etc/passwd + +━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ + +DESCRIPTION + +pam_localuser is a PAM module to help implementing site-wide login policies, +where they typically include a subset of the network's users and a few accounts +that are local to a particular workstation. Using pam_localuser and pam_wheel +or pam_listfile is an effective way to restrict access to either local users +and/or a subset of the network's users. + +This could also be implemented using pam_listfile.so and a very short awk +script invoked by cron, but it's common enough to have been separated out. + +OPTIONS + +debug + + Print debug information. + +file=/path/passwd + + Use a file other than /etc/passwd. + +EXAMPLES + +Add the following line to /etc/pam.d/su to allow only local users in group +wheel to use su. + +account sufficient pam_localuser.so +account required pam_wheel.so + + +AUTHOR + +pam_localuser was written by Nalin Dahyabhai <nalin@redhat.com>. + |